paper-slides

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands via the Bash tool to perform environment checks (e.g., which pdflatex), manage file structures, and execute document compilation using latexmk.
  • [REMOTE_CODE_EXECUTION]: The optional style-reference feature instructs the agent to execute a local setup script (tools/install_aris.sh) and a Python helper (tools/extract_paper_style.py) purportedly sourced from an external "ARIS repo." This involves running code that is not contained within the skill itself.
  • [EXTERNAL_DOWNLOADS]: The workflow suggests installing the python-pptx package from the public PyPI registry via pip to enable PowerPoint export functionality.
  • [COMMAND_EXECUTION]: In Phase 7, the skill dynamically generates a Python script (slides/generate_pptx.py) and immediately executes it to convert LaTeX content into PowerPoint format. This is a form of dynamic code generation and execution.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the user's research papers (paper/sections/*.tex) and uses it to construct slide outlines and speaker notes. This creates an indirect prompt injection surface where malicious LaTeX content or hidden instructions in the paper could attempt to manipulate the agent's output or bypass presentation guidelines during the drafting phase. No boundary markers or sanitization steps are explicitly defined for this ingestion.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 06:06 PM
Security Audit — agent-trust-hub — paper-slides